Bridging AWS and Azure for Multi-Cloud Integration

Imagine the potential of having AWS and Azure working together, creating a unified, powerful infrastructure. This article will walk you through the process of establishing a secure and efficient connection between AWS and Azure using PrivateLink. By connecting these two cloud platforms, we can make our organization more flexible, efficient, and resilient in the cloud.

By
  • Arunkumar Soundar
  • Saurabh Sahu
Aug. 21, 2024, 4 min. read time
  • AWS
  • Azure
[Figure: aws_1.png]

Who are we?

We are Arunkumar Soundar (Tech Lead) and Saurabh Sahu (DevOps Engineer) from the banking platform team. We’d like to share our experience with establishing cross-cloud connectivity between AWS and Azure. While we will exclude confidential details such as specific product information and IP addresses, our goal is to provide valuable insights and knowledge for anyone interested in learning about AWS and Azure cross-cloud connectivity.

We will tell this experience as a story, which makes the journey easier to follow, and go through the technical implementation along the way.

The Story:

We initiated the provisioning of AWS accounts tailored to our development, integration, and production needs.

Sahu: Hi Arun, how are you today?

Arun: I am good, how are you doing?

Sahu: Not good. As we discussed, the AWS accounts for the new API product have been provisioned, but I am struggling with something …

Arun: What are you struggling with?

Sahu: As per the requirements, I want to make a connection to Azure from AWS.

Arun: What is your use case?

Sahu: I want to build an API with AWS and connect to an application running in Azure.

[Figure: aws_2.png]

Arun: Let's dive in and make this work together. Our first step is setting up AWS accounts.

Once we had our AWS accounts set up, our next challenge was figuring out how to connect our product with the Azure platform. We needed to find the right solution to make this connection seamless and secure. We needed to find the magic.

Arun: We can solve this problem with the help of the private links concept.

Sahu: Arun, what are private links?

Arun: Private links facilitate secure and private communication between resources deployed in different cloud environments, such as AWS and Azure. These links establish direct connections between the virtual networks of the respective cloud providers, allowing data to flow securely without traversing the public internet.

[Figure: aws_3.png]

After some discussion, we found that private links were the key to our connectivity puzzle: they would let us bridge the gap between our AWS accounts and Azure, with traffic flowing between the two environments over private addressing.

Sahu: Oh okay, I get it now. But how do we implement it?

Arun: We would need to create VPC endpoint services and VPC endpoints in a central AWS connectivity account. We need to strategically position the VPC endpoint service in the centrally managed AWS account to serve as the focal point for cross-cloud communication.

[Figure: aws_4.png]

Sahu: Got it, Arun. So, we are diving into the concept of private links and setting up VPC endpoints and services. But where do we begin?

Arun: To start, let us create a VPC endpoint service and a VPC endpoint in our central AWS account, which will then route the request from the AWS account to the Azure platform.

Sahu: Okay, I am onto it and will implement it.

We created and configured the VPC endpoint service and the VPC endpoint; the ID of the VPC that will consume the service is required when creating the VPC endpoint.

The VPC endpoint connects our AWS account (the source) to the centrally managed AWS account (the mediator). To allow this connection, we configured the ingress rules of the endpoint's security group with the CIDR IP ranges of our VPC, identified by its VPC ID.

Once configured, we specified the region of the AWS account from which traffic would be routed and provided the IP address of the Azure platform (the destination). In our case, the region was eu-north-1 (Stockholm), with the DR region being eu-west-1 (Ireland).

Sahu: With the VPC endpoints and services set up, shall we proceed with routing the traffic?

Arun: We cannot proceed just yet. In DNB, we still need to open the firewall port between the central AWS account and Azure platform to enable communication.

Finally, with the VPC resources in place and the firewall port opened, the cross-cloud setup was ready and we routed requests from AWS to Azure 🙌.
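To make the steps above concrete, here is an added Terraform example. It is not DNB's configuration and not code from the article: it builds the provider side of PrivateLink in the central connectivity account (an internal Network Load Balancer whose IP target is the Azure application address, published as a VPC endpoint service) and the consumer side in the product account (an interface VPC endpoint behind a security group whose ingress is limited to the product VPC's CIDR). The article does not say how its central account forwards traffic onward to Azure; the NLB-with-IP-target pattern here is one way to do that. All account IDs, VPC and subnet IDs, CIDRs and the Azure address are placeholders, and the central VPC is assumed to already have a route to that Azure address over a private connection, which the article does not cover.

```hcl
# Added example (not DNB's code). All IDs, CIDRs and the Azure address are
# placeholders; the central VPC is assumed to already route to azure_app_ip
# over a private connection that the article does not describe.

provider "aws" {
  alias  = "central"   # central connectivity account (PrivateLink provider)
  region = "eu-north-1"
}

provider "aws" {
  alias  = "product"   # product account (PrivateLink consumer)
  region = "eu-north-1"
}

variable "central_vpc_id"     { default = "vpc-0000000000central" }
variable "central_subnet_ids" { default = ["subnet-00000000000000a", "subnet-00000000000000b"] }
variable "product_vpc_id"     { default = "vpc-0000000000product" }
variable "product_vpc_cidr"   { default = "10.10.0.0/16" }
variable "product_subnet_ids" { default = ["subnet-00000000000000c", "subnet-00000000000000d"] }
variable "product_account_id" { default = "111111111111" }
variable "azure_app_ip"       { default = "10.200.1.10" }   # Azure app private IP (placeholder)

# ---- Central account: provider side of PrivateLink ----
resource "aws_lb" "to_azure" {
  provider           = aws.central
  internal           = true
  load_balancer_type = "network"
  subnets            = var.central_subnet_ids
}

resource "aws_lb_target_group" "azure_app" {
  provider    = aws.central
  port        = 443
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = var.central_vpc_id
}

# IP target outside the VPC CIDR: the NLB forwards over the VPC's routes, so the
# route to Azure and the firewall opening are prerequisites, not created here.
resource "aws_lb_target_group_attachment" "azure_app" {
  provider          = aws.central
  target_group_arn  = aws_lb_target_group.azure_app.arn
  target_id         = var.azure_app_ip
  port              = 443
  availability_zone = "all"   # required for IP targets outside the VPC
}

resource "aws_lb_listener" "azure_app" {
  provider          = aws.central
  load_balancer_arn = aws_lb.to_azure.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.azure_app.arn
  }
}

resource "aws_vpc_endpoint_service" "azure_app" {
  provider                   = aws.central
  acceptance_required        = true   # each consumer connection must be approved
  network_load_balancer_arns = [aws_lb.to_azure.arn]
}

# Only the product account may connect an endpoint to this service.
resource "aws_vpc_endpoint_service_allowed_principal" "product" {
  provider                = aws.central
  vpc_endpoint_service_id = aws_vpc_endpoint_service.azure_app.id
  principal_arn           = "arn:aws:iam::${var.product_account_id}:root"
}

# ---- Product account: consumer side ----
resource "aws_security_group" "plink_client" {
  provider = aws.product
  vpc_id   = var.product_vpc_id

  ingress {   # only callers inside the product VPC may reach the endpoint
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.product_vpc_cidr]
  }
}

resource "aws_vpc_endpoint" "azure_app" {
  provider           = aws.product
  vpc_id             = var.product_vpc_id
  service_name       = aws_vpc_endpoint_service.azure_app.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.product_subnet_ids
  security_group_ids = [aws_security_group.plink_client.id]
}

# Approve the product account's connection from the central (provider) side.
resource "aws_vpc_endpoint_connection_accepter" "product" {
  provider                = aws.central
  vpc_endpoint_service_id = aws_vpc_endpoint_service.azure_app.id
  vpc_endpoint_id         = aws_vpc_endpoint.azure_app.id
}
```

The allowed-principal list is what limits which accounts can attach an endpoint to the service at all; `acceptance_required = true` adds an explicit approval on top of it, so a new consumer cannot silently start sending traffic towards Azure. On the consumer side, the security group's ingress CIDR is the only thing deciding which workloads in the product VPC may use the endpoint, so keep it to the subnets that actually host the API rather than the whole VPC where you can. The NLB forwards to the Azure address purely at layer 4 here (TCP 443 passthrough), so TLS terminates at the Azure application, which keeps the central account out of the plaintext path.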

Let’s look into the architecture

[Figure: aws_5.png]

There are two traffic directions, and the firewall rule for each uses different source and destination addresses:

1. When connecting from AWS to Azure, the source is the private IPs of the VPC endpoint service, and the destination is the Azure IP.

2. When connecting from Azure to AWS, the source is the private IPs of the VPC endpoint, and the destination is the AWS CIDR IP ranges.

Conclusion:

Our journey to connect AWS and Azure highlighted the importance of planning the connectivity design up front, working closely with the cloud team that owns the central account, and careful execution. As multi-cloud strategies become more common, we hope our experience helps other product teams make use of multi-cloud environments.

Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of DNB.

© DNB
